502 vs 503: Bad Gateway vs Service Unavailable
502 and 503 can look similar in logs, but they tell clients, crawlers, and API consumers different things.
| Aspect | HTTP 502 โ Bad Gateway | HTTP 503 โ Service Unavailable |
|---|---|---|
| Definition | Your reverse proxy (nginx, Cloudflare, load balancer) received a bad or unreadable response from the application server or upstream service it was proxying to. | The server is temporarily unable to handle the request. Unlike 500, this is usually a known, often intentional condition. The Retry-After header, when present, estimates when the server will be available. |
| Plain-language summary | A gateway or proxy received an invalid, unreadable, or unexpected response from an upstream server. The problem is between your proxy (Nginx, Cloudflare, ALB) and the upstream application server. The upstream may be down, crashed, or sending a malformed response. | The server is temporarily unable to handle the request due to overload or scheduled maintenance. Unlike 500, this is often a known, intentional state. The Retry-After header, when present, estimates when the server will be available. |
| When to use | Proxies and gateways emit 502 automatically. As an application developer, your responsibility is ensuring the upstream service is running, returning valid HTTP responses, and reachable from the proxy. | Use 503 for: intentional maintenance windows, overload shedding when the server cannot handle more requests, circuit breaker tripping on a failing dependency. Always include Retry-After when you know the recovery time. For rate limiting a specific client, use 429 instead. |
| Client behavior | May retry โ the upstream may recover. Implement exponential backoff. After repeated 502s, escalate to alert the operations team. | Retry after the time specified in Retry-After. If no Retry-After, use exponential backoff. Implement circuit breaker logic to stop sending requests to an endpoint that has been returning 503 repeatedly. |
| Caching behavior | Not cached. | May be cached if Retry-After is present, but this is unusual. Generally not cached. |
| SEO / crawler impact | Search crawlers interpret 502 (server-errors) for indexation and link equity accordingly. | Search crawlers interpret 503 (server-errors) for indexation and link equity accordingly. |
| API / backend impact | API clients branching on 502 expect Bad Gateway semantics. | API clients branching on 503 expect Service Unavailable semantics. |
| Safe to retry? | Yes, with backoff โ server may recover | Yes, with backoff โ server may recover |
Common real-world scenarios
When you see HTTP 502
In Nginx logs: "upstream sent invalid header," "connect() failed," or "recv() failed." In Cloudflare logs: error 502. Common causes: application server process crashed, application server returned HTTP 1.0 response to HTTP/1.1 proxy, application server not reachable on configured port, or application server returned headers that violate HTTP spec.
When you see HTTP 503
During maintenance windows, return 503 with Retry-After so users and crawlers know when to come back. During overload events, load balancers may return 503 when the upstream pool is exhausted. In microservices, a circuit breaker that has tripped returns 503 to downstream services.
Decision rule
Use 502 when the response should communicate bad gateway behavior; use 503 when service unavailable is the accurate protocol signal.
A frequent mistake is swapping 502 and 503 for convenience; that causes client retry bugs, incorrect cache signals, and misleading monitoring data.
Use 502 when the correct protocol signal is Bad Gateway. Use 503 when the correct signal is Service Unavailable. Returning either code for the wrong reason breaks client expectations, cache behavior, and monitoring accuracy.
FAQ
What is the biggest difference between 502 and 503?
502 communicates Bad Gateway, while 503 communicates Service Unavailable. Choosing the right one keeps clients and intermediaries predictable.
Do 502 and 503 have SEO or caching impact?
Yes. Search engines and caches interpret status classes differently. Use each code according to its semantics to avoid accidental indexing, stale responses, or crawl inefficiency.
Can APIs safely return 502 instead of 503?
Only when it matches contract semantics. API clients often branch logic by exact code, so swapping them can break retries, auth handling, or user-facing errors.
Full guides
HTTP 502 Bad Gateway โ full guide ยท HTTP 502 status reference ยท HTTP 503 Service Unavailable โ full guide ยท HTTP 503 status reference ยท All comparisons